REMARKS 

This is responsive to the Office Action dated October 11, 2005 in the above identified 
appUcation. A petition for a 3 month extension of time is enclosed, along with the appropriate fee. 

The present invention teaches a novel technique in implementing security policy rules. The 
present invention stores the rules separately from the main software, and only loads them for 
execution when specified conditions occur. Thus, unlike all of the prior art cited, the present 
invention does not require the execution of these security policy rules each time the main software is 
run. 

All of the independent claims clearly point out this important distinction, although they use 
slightly different language to do so. For example, amended claim 8 recites: ' Integrating said rules 
into said data access management software such that said specified data transactions are 
prohibited, wherein said rules are not integrated with said data access management software prior 
to said occurrence of said specified action ." Similarly, independent claim 10 recites "upon a first 
specified condition occurring, modifying data access management software to include a rule that 
prohibits a known party from accessing specified information in a database or file . . . upon a second 
specified condition occurring, removing said rule from the data access management software and 
storing said rule for future use." (underlining added). In other words, the rules are independent of 
the main software, and are only loaded into program memory when they should execute. 

This concept is described in applicant's original specification, for example, at pages 3-5 
and Figure 1. This unique feature is not described in any of the cited prior art. With one 
exception, all of the cited art appears to relate to security policies that are enforced with a static set 
of code that performs various tests and prohibitions. 

As best applicant can tell from review of the cited references, only Hudson '637 relates in 
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any way to a dynamic policy. However, Hudson implements the same fixed security policy 
applicable to a user for the duration of the user's session, (col. 1-2) It is "dynamic" only in the 
sense that it lasts for a user session. Hudson does not continue to monitor conditions and load rules 
from a remote source upon conditions occurring during the user's session. Accordingly, none of 
the prior art teaches applicant's system of storing the rules separately, monitoring the system for 
the occurrence of specified conditions, and then loading rules in and out of memory as conditions 
come into being and cease from existence. 

Applicant therefore respectfully requests reconsideration and allowance in view of the above 
remarks and amendments. The Examiner is authorized to deduct additional fees believed due from 
our Deposit Account No. 11-0223. 



Respectfully submitted, 



KAPLAN OILMAN GIBSON DERNIER LLP 
900 Route 9 North, 5^^ Floor 
Woodbridge, New Jersey 07095 
Telephone (732) 6/4-7634 




Dated: April 10, 2006 



Jeffrey I. Yl/b^^ 
(Reg. NoVw/56) 
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